package com.icss.back.filter;

import java.io.IOException;
import java.util.Collections;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.icss.common.util.ConstatFinalUtil;
import com.icss.common.vo.ApiResponse;
import com.icss.common.vo.ApiResponseEnum;
import com.icss.service.IUsersDbService;
import com.icss.vo.MakeupAdmins;

/**
 * 创建一个过滤器的步骤和Servlet一样 实现一个Filter接口
 * 
 * @author 陈岩
 */
@WebFilter(urlPatterns = "/back/*")
public class AuthBackFilter implements Filter
{
	/*
	 * 这两个对象,中的彼此引用 是null; 如果想赋值,必须调用set方法
	 */
	private IUsersDbService usersDbService;

	@Override
	public void destroy()
	{
		ConstatFinalUtil.SYS_LOGGER.info("==AuthBackFilter==destroy=");
	}

	/**
	 * 过滤器所做的事情=====Servlet中的Service
	 */
	@Override
	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
			throws IOException, ServletException
	{
		ApiResponse<Object> apiResponse = new ApiResponse<Object>();
		/*
		 * 虽然参数中指定的是ServletRequest,但是通过运行时打印发现: req就是HttpServletRequest;
		 */
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse) res;
		/*
		 * 获取到Session session是httpServletRequest才有的方法
		 */
		HttpSession session = request.getSession();
		/*
		 * 取票 getAttribute之前,一定要确定setAttribute
		 */
		MakeupAdmins admins = (MakeupAdmins) session.getAttribute("admins");
		// RequestFacade rs = null ;
		/*
		 * 在该拦截的地方拦截了.(他发现了游客)
		 * 
		 * ~请出示一下你的票, 有票:sorry,知道了,玩的开心;放行 木有票:请到大门处,补票;提供一个友好的页面
		 * 
		 * ~在登陆提交操作,为用户发票(登陆成功)
		 */
		if (admins != null)
		{
			/* 放行--登陆成功 */
			this.authVerify(chain, request, response, admins);
			return ; 
		} 
		apiResponse.setCode(ApiResponseEnum.INFO_LOGIN_ILLEGAL.getStatus());
		apiResponse.setInfo(
				ConstatFinalUtil.INFO_JSON.getString(apiResponse.getCode() + ""),
				Collections.EMPTY_MAP);
		/* 存储信息 */
		session.setAttribute("response", apiResponse.toJSON());
		response.sendRedirect(request.getContextPath() + "/NoLoginServlet?method=adminsLogin");
	}

	/**
	 * 权限验证 ~肯定是已经登陆的;就可以查询到管理员, ~就可以查询到角色 ~就可以查询到角色所应的菜单
	 * ~拿着当前访问的url和菜单中对应的url,比对,如果比对成,有权限,比对失败,木有权限
	 * 
	 * @param request
	 * @param response
	 * @throws ServletException
	 * @throws IOException
	 */
	private void authVerify(FilterChain chain, HttpServletRequest request, HttpServletResponse response, MakeupAdmins admins)
			throws IOException, ServletException
	{
		chain.doFilter(request, response);
	}

	@Override
	public void init(FilterConfig config) throws ServletException
	{
		ConstatFinalUtil.SYS_LOGGER.info("==AuthBackFilter==init=");
	}

}
